Add rsyslog plugin support for frr log (#16192)

### Why I did it

Currently there is only rsyslog plugin support for /var/log/syslog, meaning we do not detect events that occur in frr logs such as BGP Hold Timer Expiry that appears in frr/bgpd.log. 

##### Work item tracking
- Microsoft ADO **(number only)**: 13366345

#### How I did it

Add omprog action to frr/bgpd.log and frr/zebra.log. Add appropriate regex for both events.

#### How to verify it

sonic-mgmt test case
This commit is contained in:
Zain Budhwani 2023-09-12 16:53:45 -07:00 committed by GitHub
parent 51fb6d7d9f
commit 337a9dbcf4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 33 additions and 12 deletions

View File

@ -0,0 +1 @@
$ModLoad omprog

View File

@ -54,6 +54,7 @@ COPY ["TSC", "/usr/bin/TSC"]
COPY ["TS", "/usr/bin/TS"] COPY ["TS", "/usr/bin/TS"]
COPY ["files/supervisor-proc-exit-listener", "/usr/bin"] COPY ["files/supervisor-proc-exit-listener", "/usr/bin"]
COPY ["zsocket.sh", "/usr/bin/"] COPY ["zsocket.sh", "/usr/bin/"]
COPY ["00-frr.conf", "/etc/rsyslog.d/"]
COPY ["*.json", "/etc/rsyslog.d/"] COPY ["*.json", "/etc/rsyslog.d/"]
COPY ["files/rsyslog_plugin.conf.j2", "/etc/rsyslog.d/"] COPY ["files/rsyslog_plugin.conf.j2", "/etc/rsyslog.d/"]
RUN chmod a+x /usr/bin/TSA && \ RUN chmod a+x /usr/bin/TSA && \

View File

@ -3,16 +3,6 @@
"tag": "bgp-state", "tag": "bgp-state",
"regex": "Peer .default\\|([0-9a-f:.]*[0-9a-f]*). admin state is set to .(up|down).", "regex": "Peer .default\\|([0-9a-f:.]*[0-9a-f]*). admin state is set to .(up|down).",
"params": [ "ip", "status" ] "params": [ "ip", "status" ]
},
{
"tag": "zebra-no-buff",
"regex": "No buffer space available",
"params": []
},
{
"tag": "notification",
"regex": "NOTIFICATION: (received|sent) (?:to|from) neighbor ([0-9a-f:.]*[0-9a-f+]*)\\s*.* (\\d*)\/(\\d*)",
"params": [ "is_sent", "ip", "major_code", "minor_code" ]
} }
] ]

View File

@ -0,0 +1,7 @@
[
{
"tag": "notification",
"regex": ".*NOTIFICATION: (received|sent) (?:to|from) neighbor ([0-9a-f:.]*[0-9a-f+]*)\\s*.* (\\d*)\/(\\d*)",
"params": [ "is_sent:ret=(arg==\"sent\")and\"true\"or\"false\"", "ip", "major_code", "minor_code" ]
}
]

View File

@ -7,8 +7,6 @@ template(name="prog_msg" type="list") {
constant(value="\n") constant(value="\n")
} }
$ModLoad omprog
{% for proc in proclist %} {% for proc in proclist %}
if re_match($programname, "{{ proc.name }}") then { if re_match($programname, "{{ proc.name }}") then {
action(type="omprog" action(type="omprog"

View File

@ -335,6 +335,8 @@ sudo cp $BUILD_TEMPLATES/syncd_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/
sudo cp $BUILD_TEMPLATES/kernel_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/ sudo cp $BUILD_TEMPLATES/kernel_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/
sudo cp $BUILD_TEMPLATES/dockerd_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/ sudo cp $BUILD_TEMPLATES/dockerd_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/
sudo cp $BUILD_TEMPLATES/seu_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/ sudo cp $BUILD_TEMPLATES/seu_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/
sudo cp $BUILD_TEMPLATES/zebra_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/
sudo cp $BUILD_TEMPLATES/bgpd_regex.json $FILESYSTEM_ROOT_ETC/rsyslog.d/
# Install custom-built monit package and SONiC configuration files # Install custom-built monit package and SONiC configuration files
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/monit_*.deb || \ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/monit_*.deb || \

View File

@ -0,0 +1,7 @@
[
{
"tag": "zebra-no-buff",
"regex": "No buffer space available",
"params": []
}
]

View File

@ -1,12 +1,27 @@
## Quagga rules ## Quagga rules
template(name="prog_msg" type="list") {
property(name="msg")
constant(value="\n")
}
$ModLoad omprog
if re_match($programname, "bgp[0-9]*#(frr|zebra|staticd|watchfrr)") then { if re_match($programname, "bgp[0-9]*#(frr|zebra|staticd|watchfrr)") then {
/var/log/frr/zebra.log /var/log/frr/zebra.log
action(type="omprog"
binary="/usr/bin/rsyslog_plugin -r /etc/rsyslog.d/zebra_regex.json -m sonic-events-bgp"
output="/var/log/rsyslog_plugin.log"
template="prog_msg")
stop stop
} }
if re_match($programname, "bgp[0-9]*#bgpd") then { if re_match($programname, "bgp[0-9]*#bgpd") then {
/var/log/frr/bgpd.log /var/log/frr/bgpd.log
action(type="omprog"
binary="/usr/bin/rsyslog_plugin -r /etc/rsyslog.d/bgpd_regex.json -m sonic-events-bgp"
output="/var/log/rsyslog_plugin.log"
template="prog_msg")
stop stop
} }